PT-2017-14142 · Paessler · Prtg Network Monitor

Published

2017-10-20

Updated

2017-10-31

CVE-2017-15651

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PRTG Network Monitor version 17.3.33.2830

Description The issue allows remote authenticated administrators to execute arbitrary code. This can be achieved by uploading a .exe file and proceeding despite the error message.

Recommendations For PRTG Network Monitor version 17.3.33.2830, consider restricting file upload capabilities for authenticated administrators until a fix is available. As a temporary workaround, monitor the system for suspicious activity and limit the execution of arbitrary code by implementing additional security measures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-15651

Affected Products

Prtg Network Monitor

PT-2017-14142 · Paessler · Prtg Network Monitor

CVE-2017-15651

Weakness Enumeration

Related Identifiers

Affected Products

References · 3